Data security
Five rings between your data and anyone else
No single control is trusted on its own. A breach would need several independent failures at once — and every release we attack our own walls to prove they hold.
Your data stays in Australia. Your risk stays with us.
Your data stays yours
Onshore databases and Australian infrastructure. Defence-in-depth, not a single checkbox.
Isolation-first
Identity proven at login, never trusted from the browser. One locked path for every read and write.
We test our walls
Continuously verified, every release — a single cross-school attempt blocks the deploy.
The frame
Safety before you even ask
Digital technology in schools is never easy — but done well, it can make all the difference. This is how EthosOne has it handled before you even ask: your data stays yours, in Australia; defence-in-depth with AI hosted onshore; and we attack our own system every release.
Board-ready in 30 days, or you don't pay until you are.
Our model
Five independent rings
Each ring is a separate control. Together they mean an attacker would need to defeat identity, access path, database rules, file ownership and the AI boundary — not just one misconfiguration.
- 1
Identity
Proven at login. Never trusted from the browser.
Tenant identity is locked to the verified session. We prove who you are at login and carry that proof through every request — we never accept school context from the browser alone.
- 2
One locked path
Every read and write through one guarded gate.
There is a single guarded path for data access. Reads and writes pass through one controlled gate so isolation rules cannot be bypassed by a stray endpoint or shortcut.
- 3
Database guardrails
Ownerless records rejected; crown jewels encrypted.
Records without a valid owner are rejected at the database layer. Sensitive fields are encrypted so a breach at one layer does not expose crown-jewel data.
- 4
File storage
Private; ownership checked before every download.
Files are private by default. Before any download, we verify the requesting user owns or is authorised for that file — not just that they are logged in.
- 5
The AI surface
Retrieval stays home; the model sees only scoped context.
Retrieval stays in our Australian environment. The model is stateless and injection-resistant — it sees only scoped, school-specific context and holds no credentials of its own.
Verified every release
Continuously verified, every release — a single cross-school attempt blocks the deploy.
We run synthetic attacker schools against our own platform before a deploy ships. Cross-tenant access is not a known risk we accept — it is a release gate.
Ring 5
The AI surface is governed too
Retrieval stays home. The model is stateless and sees only scoped context. We are an AI-native firm building for public good — with OECD principles, sovereign hosting and PolicyAI matched to your source of truth.
Common questions
Where is our school's data stored?
Australia, onshore — databases and infrastructure stay in country.
Can another school ever see our data?
Tenant identity is locked to the verified session. Ownerless records are rejected at the database layer, and we run synthetic cross-school attacks on every release.
Do you use our data to train AI models?
No. Retrieval stays home; the model sees only scoped, school-specific context. See our AI governance page for how PolicyAI is governed.
How do you know the isolation holds?
Continuously verified, every release — a single cross-school attempt blocks the deploy.
Board-ready in 30 days
EthosOne supports everyone who plays a role in school governance:
What you can expect
Governance Clarity
Boards get consistent, ready-to-present insights.
Assurance Confidence
No blind spots, everything tracked under ownership.
Compliance Control
State-aligned obligations managed and visible.
Risk Transparency
ISO-aligned risk management with accountability.
Walk into the next board meeting already sure.
When the assessor calls, the evidence is already there.